Develop Reference

Troubleshoot "SSL Handshake errors" in Indy

I use Indy TidHTTPServer and TidServerIOHandlerSSLOpenSSL on my server component to handle HTTPS request for command & control.
There are situations where - without any logged errors on the server - client receive an error "SSL handshake failed". I see no reasons on the server and - funny enough - fixes itself sometimes after some time.
Where can I step into the Indy components to see where the problem is? Which events can I use to maybe see something?
Update1 (29.05.2021): An exeption I found throught he handlers suggested by Remy Lebeau is "Error accepting connection with SSL. EOF was observed that violates the protocol". I still cant tell what is causing this, though...

I have had this (or similar) errors in the past when I forgot to put the OpenSSL dll files in the same folder as the executable. You need ssleay32.dll and libeay32.dll.
You can find them on the Indy page (link at the very bottom): https://www.indyproject.org/download/ssl/

Indy "Connection Reset by Peer" Err. 10054 on Specific Website

I am encountering some problems using some code that worked for ages involving Indy and the download of a web page. I use RAD Studio 10.2 Tokyo.
The web page is as follows:
https://donet.rfi.it/RFIPlatform/showDoc.do?compartimentoHidden=AN&docTypeHidden=CC
The code I am using is part of an application which has the same code since 2011 and it always worked well. The code is as follows:
IDHTTP1.Get('https://donet.rfi.it/RFIPlatform/showDoc.do?compartimentoHidden=AN&docTypeHidden=CC');
I am getting a "Connection Reset by Peer 10054" error since the website went down, some days ago, and when it came up again, the code did not work anymore.
The aforementioned web page can be called from the browser, can even be downloaded with WGET, but Indy is failing.
I tried to play with various options (Cookie Handling, Handle Redirects, HTTPOptions, etc...) and I also updated the SSL libraries to 1.0.2q (Indy cannot use OpenSSL 1.1.0 yet), but the whole thing just doesn't want to work.
Can someone help me figure out what is going on? It has to be for sure something on the website, since the code I use is the same since 2011 and it has always worked. And before that, the same code worked in a similar application since 2008.

Indy's TIdSSLIOHandlerSocketOpenSSL component enables only TLS 1.0 by default. The website in question (https://donet.rfi.it) does not accept TLS 1.0 anymore (probably why it went offline, to update its software), it will accept only TLS 1.1+ now.
TIdHTTP is able to successfully establish a TCP/IP connection to donet.rfi.it:443, but as soon as TIdSSLIOHandlerSocketOpenSSL sends a TLS 1.0 handshake request, the server forcibly closes the TCP connection. You are getting the "connection reset by peer" error while TIdSSLIOHandlerSocketOpenSSL is trying to read the server's handshake response.
You need to configure TIdSSLIOHandlerSocketOpenSSL to enable TLS 1.1 and/or 1.2. You can do that via its SSLOptions.SSLVersions property. Then TIdHTTP.Get() will work again (I tested it).

Delphi Indy IdMappedPortTCP

Im using Delphi XE 5/6, default Indy version, Windows 7. IdMappedPortTCP (component put on Form) redirect local stream from FFmpeg to Twitch.tv and always near 2 hours of streaming i have IdMappedPortTCP1ExceptionSocket Error # 10053
Software caused connection abort. Tried TCPRelay and no problems so i guess something must be wrong in my app. Thanks for suggestions.

10053 is a network error. Most likely a firewall or router is cutting the connection after it is idle for too long. I would try using Indy's TIdEventStream class as explained in the answer to this post:
How to avoid getting an error 10053 (WSAECONNABORTED) if a HttpGet operation in Android is lasting too long?

Connection Timed Out + SSL Connection + TCPIP + Indy10.5.5

I am developed one application for sending files client to server using TCP/IP Components using SSL.
Error is Connection Timed Out is occurred when Sending Large Files at Server Side
Server Side (SSL)
idTCPServer1.IOHandler := IdServerIOHandlerSSLOpenSSL1;
OnExecute
Acontext.Connection.IOHandler.LargeStream := True;
Acontext.Connection.IOHandler.ReadStream(filestream,Filesize); // Error is occurred here.
End;
Client Side (SSL)
idTCPClient1.IOHandler := IdSSLIOHandlerSocketOpenSSL1;
idTCPClient1.IOHandler.LargeStream := True;
idTCPClient1.IOHandler.WriteStream(fms,-1,True);
Connection is established between Client & Server. When send the files after some time Connection Timed out is error is shown at server & at client application going to Not Responding .
Here another scenario is when i connect the Client & Server as Normal using IdIOHandlerStack1 (at Client Side) and server side not assign any Handler. Files transfered successfully with out any problem.
I am using Delphi2010 & Indy10.5.5, DLL Version is 0.9.8.18
anyone guide to me

There is no WriteStream() method, there is a TStream overload of the Write() method instead.
You are telling Write() to send the stream size as a 64-bit integer, but you are not telling ReadStream() to read the stream size, so presumably you have read the full 64-bit file size beforehand using ReadInt64(), correct?
Also, 10.5.5 is an outdated version of Indy. The current version is 10.5.9. Try upgrading to make sure you have all of the latest bug fixes and such, and then report back if you are still having problems.

Indy IMAP4 over SSL

I've written a Windows service in Delphi 2007 using Indy 10 (10.5.8.0) that connects to an email server via IMAP and reads 10 emails, processes them and disconnects.
This is repeated throughout the day.
This works fine as long as the service doesn't connect using SSL/TLS.
When connecting using TLS it seems to work the first time, but gives a "start SSL negotiation failed" error on subsequent attempts.
I'm using the following Indy settings in my service:
FIMAP4.Port := 143
FIMAP4.UseTLS := utUseRequireTLS;
FIdSSLIOHandlerSocketOpenSSL1.SSLOptions.Method := sslvSSLv23;
The email server runs Exchange 2010 and operates TLS on port 143 and SSL on port 993.
I'm using the latest version of the ssl dlls (1.0.1.3).
I'm disconnecting by doing:
FIMAP4.IOHandler.InputBuffer.Clear;
FIMAP4.Disconnect;
UPDATE:
Extract from EurekaLog:
|IdExplicitTLSClientServerBase.pas|TIdExplicitTLSClient|TLSNotAvailable |416[4] |
|IdExplicitTLSClientServerBase.pas|TIdExplicitTLSClient|TLSNotAvailable |412[0] |
|IdExplicitTLSClientServerBase.pas|TIdExplicitTLSClient|ProcessTLSNotAvail|342[2] |
|IdExplicitTLSClientServerBase.pas|TIdExplicitTLSClient|ProcessTLSNotAvail|341[1] |
|IdIMAP4.pas |TIdIMAP4 |Login |1957[16]|
|IdIMAP4.pas |TIdIMAP4 |Connect |2019[28]|
This would seem to indicate TLS is NOT available (I would have expected TLSNotAvailable to raise a
EIdTLSClientTLSNotAvailable.Create(RSTLSSLSSLNotAvailable);
rather than a
EIdTLSClientTLSNotAvailable.Create(RSTLSSLSSLCmdFailed);
but this has led me to wonder if the email server does not support TLS, at least on port 143).
If I don't use TLS, I get a:
EIdReplyIMAP4Error: Command received in Invalid state.
|IdReplyIMAP4.pas |TIdReplyIMAP4 |RaiseReplyError |242[1] |
|IdTCPConnection.pas|TIdTCPConnection|RaiseExceptionForLastCmdResult|576[1] |
|IdIMAP4.pas |TIdIMAP4 |Login |1970[29]|
|IdIMAP4.pas |TIdIMAP4 |Connect |2019[28]|
This seems to be an authentication failed message, although I'm not sure why.

Try using sslvTLSv1 instead of sslvSSLv23.

Fixed!
Two critical settings were wrong:
FIdSSLIOHandlerSocketOpenSSL1.SSLOptions.Method := sslvTLSv1;
FIMAP4.UseTLS := utUseImplicitTLS;
setting these up (still on port 143) resolved the issue.

The latest Indy 10 version works much better at TLS, SSL, IMAP, SMTP, and SASL, than the one that shipped in Delphi 2007. Heck, Delphi 2007 shipped in 2006 at some point, and so the Indy 10 version is a snapshot from 2006, that's SIX YEARS AGO.
Upgrade your Indy10 sources, and then try different SSL options.
You may also have a bad SSL (ssleay, libssl) DLL version. Use the versions recommended on the Indy page.